[OE-core] [PATCH] systemd: Fix rootfs transaction error when PACKAGECONFIG has polkit

Martin Jansa martin.jansa at gmail.com
Thu Sep 14 14:01:08 UTC 2017 

I'm sorry for noise, I've reproduced it in LuneOS raspberrypi build and the
root cause is wrongly used override in this bbappend:

https://github.com/webOS-ports/meta-rpi-luneos/blob/3b76e0b7d554e937263e685854819ab8454ebe35/recipes-core/systemd/systemd_%25.bbappend

On Thu, Sep 14, 2017 at 12:05 AM, Martin Jansa <martin.jansa at gmail.com>
wrote:

> Yes, you're right it shouldn't use passwd/group from host.
>
> I've tried to reproduce it in different build directory and now I see that
> it properly adds polkitd user in do_prepare_recipe_sysroot task already:
> OE @ ~ $ tail -n 15 /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/
> systemd/1_234-r0/temp/log.do_prepare_recipe_sysroot
> DEBUG: SITE files ['endian-little', 'common-linux', 'common-glibc',
> 'bit-64', 'x86_64-linux', 'common']
> DEBUG: SITE files ['endian-little', 'common-linux', 'common-glibc',
> 'bit-64', 'x86_64-linux', 'common']
> DEBUG: Executing shell function useradd_sysroot
> /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/
> systemd/1_234-r0/recipe-sysroot-native/usr/sbin/useradd
> Running groupadd commands...
> NOTE: systemd: Performing groupadd with [--root
> /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/
> systemd/1_234-r0/recipe-sysroot -r lock]
> NOTE: systemd: Performing groupadd with [--root
> /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/
> systemd/1_234-r0/recipe-sysroot  -r systemd-journal]
> Running useradd commands...
> NOTE: systemd: Performing useradd with [--root /OE/build/oe-core/tmp-glibc/
> work/core2-64-oe-linux/systemd/1_234-r0/recipe-sysroot     --system -d /
> -M --shell /bin/nologin systemd-timesync]
> NOTE: systemd: Performing useradd with [--root /OE/build/oe-core/tmp-glibc/
> work/core2-64-oe-linux/systemd/1_234-r0/recipe-sysroot  --system -d / -M
> --shell /bin/nologin systemd-network]
> NOTE: systemd: Performing useradd with [--root /OE/build/oe-core/tmp-glibc/
> work/core2-64-oe-linux/systemd/1_234-r0/recipe-sysroot   --system -d / -M
> --shell /bin/nologin systemd-resolve]
> NOTE: systemd: Performing useradd with [--root /OE/build/oe-core/tmp-glibc/
> work/core2-64-oe-linux/systemd/1_234-r0/recipe-sysroot  --system
> --no-create-home --user-group --home-dir /etc/polkit-1 polkitd]
> NOTE: systemd: Performing useradd with [--root /OE/build/oe-core/tmp-glibc/
> work/core2-64-oe-linux/systemd/1_234-r0/recipe-sysroot   --system -d / -M
> --shell /bin/nologin systemd-bus-proxy]
> DEBUG: Shell function useradd_sysroot finished
> DEBUG: Python function useradd_sysroot_sstate finished
>
> tomorrow I'll try to reproduce it in the directory where it failed before,
> my guess is that in that build do_prepare_recipe_sysroot wasn't re-executed
> correctly and unlike here:
> OE @ ~ $ grep -R polkitd /OE/build/oe-core/tmp-glibc/
> work/core2-64-oe-linux/systemd/1_234-r0/recipe-sysroot/etc
> /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/
> systemd/1_234-r0/recipe-sysroot/etc/group:polkitd:!:994:
> /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/
> systemd/1_234-r0/recipe-sysroot/etc/group-:polkitd:!:994:
> /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/
> systemd/1_234-r0/recipe-sysroot/etc/passwd-:polkitd:!:
> 996:994::/etc/polkit-1:
> /OE/build/oe-core/tmp-glibc/work/core2-64-oe-linux/
> systemd/1_234-r0/recipe-sysroot/etc/passwd:polkitd:!:
> 996:994::/etc/polkit-1:
>
> or there might be another issue in pseudo or something like that.
>
> Thanks
>
>
> On Wed, Sep 13, 2017 at 2:40 PM, Jason Wessel <jason.wessel at windriver.com>
> wrote:
>
>> It should work because it has nothing to do with that particular passwd
>> file.   This is builds successfully on a ubuntu 16.04 host which has no
>> polkitd user.
>>
>> Also with the user add stanza in the patch it should be adding the user
>> that is required when PACKAGECONFIG has the polkitd added to the psuedo
>> passwd file.   We have quite a few configurations building properly.  Where
>> I have seen transient failures before is when the -native sysroot does not
>> get rebuilt but that is typically with other recipes.
>>
>> Is this still a problem?
>>
>>
>> Jason.
>>
>>
>> On 09/06/2017 01:35 PM, Martin Jansa wrote:
>>
>> Does this work on hosts without polkitd user?
>>
>> Here it failed with:
>>
>> | chown: invalid user: ‘polkitd:root’
>>
>>
>>
>>
>>
>>
>> On Tue, Aug 15, 2017 at 8:55 PM, Jason Wessel <jason.wessel at windriver.com
>> > wrote:
>>
>>> The systemd 234 added some files to the polkit directory and the
>>> directory the files live in must be owned by the polkitd user, else
>>> you will receive the following error when the rootfs is being
>>> assembled:
>>>
>>> Error: Transaction check error:
>>>   file /usr/share/polkit-1/rules.d conflicts between attempted installs
>>> of polkit-0.113-r0.15.core2_64 and systemd-1:234-r0.0.core2_64
>>>
>>> The fix similar to other packages such as libvirt where the user must
>>> exist and the directory must be created with the proper attributes.
>>>
>>> Signed-off-by: Jason Wessel <jason.wessel at windriver.com>
>>> ---
>>>  meta/recipes-core/systemd/systemd_234.bb | 9 +++++++++
>>>  1 file changed, 9 insertions(+)
>>>
>>> diff --git a/meta/recipes-core/systemd/systemd_234.bb
>>> b/meta/recipes-core/systemd/systemd_234.bb
>>> index ad7fc99b90..4560cf4175 100644
>>> --- a/meta/recipes-core/systemd/systemd_234.bb
>>> +++ b/meta/recipes-core/systemd/systemd_234.bb
>>> @@ -245,6 +245,14 @@ do_install() {
>>>                 ln -s ../run/systemd/resolve/resolv.conf
>>> ${D}${sysconfdir}/resolv-conf.systemd
>>>         fi
>>>         install -Dm 0755 ${S}/src/systemctl/systemd-sysv-install.SKELETON
>>> ${D}${systemd_unitdir}/systemd-sysv-install
>>> +
>>> +       # If polkit is setup fixup permissions and ownership
>>> +       if [ "${@bb.utils.contains('PACKAGECONFIG', 'polkit', 'polkit',
>>> '', d)}" = "polkit" ] ; then
>>> +           if [ -d ${D}${datadir}/polkit-1/rules.d ] ; then
>>> +               chmod 700 ${D}${datadir}/polkit-1/rules.d
>>> +               chown polkitd:root ${D}${datadir}/polkit-1/rules.d
>>> +           fi
>>> +       fi
>>>  }
>>>
>>>  do_install_ptest () {
>>> @@ -308,6 +316,7 @@ USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG',
>>> 'timesyncd', '--sy
>>>  USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG',
>>> 'networkd', '--system -d / -M --shell /bin/nologin systemd-network;', '',
>>> d)}"
>>>  USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG',
>>> 'coredump', '--system -d / -M --shell /bin/nologin systemd-coredump;', '',
>>> d)}"
>>>  USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG',
>>> 'resolved', '--system -d / -M --shell /bin/nologin systemd-resolve;', '',
>>> d)}"
>>> +USERADD_PARAM_${PN} += "${@bb.utils.contains('PACKAGECONFIG',
>>> 'polkit', '--system --no-create-home --user-group --home-dir
>>> ${sysconfdir}/polkit-1 polkitd;', '', d)}"
>>>  GROUPADD_PARAM_${PN} = "-r lock; -r systemd-journal"
>>>  USERADD_PARAM_${PN}-extra-utils += "--system -d / -M --shell
>>> /bin/nologin systemd-bus-proxy;"
>>>
>>> --
>>> 2.11.0
>>>
>>> --
>>> _______________________________________________
>>> Openembedded-core mailing list
>>> Openembedded-core at lists.openembedded.org
>>> http://lists.openembedded.org/mailman/listinfo/openembedded-core
>>>
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openembedded.org/pipermail/openembedded-core/attachments/20170914/c69678d0/attachment-0002.html>

More information about the Openembedded-core mailing list